Full Disclosure mailing list archives

Anonymous surfing my ass!


From: full-disclosure () lists netsys com (Roland Postle)
Date: Sun, 14 Jul 2002 16:05:14 +0100

Combine an incompetent programmer with a wanna-be incompetent researcher
and what do you get?  A stupid advisory.

First of all, you "hacked your way out of" Anonymizer.  Does this mean
that you paid for their service, then managed to surf without being
anonymous?  Or, you managed to get their pay service for free?

I think if you at least clicked the advisory link (
http://spoor12.edup.tudelft.nl/SkyLined%20v4.2/?Advisories/Anonymous
surfing, NOT! ) it would help relieve some of your ignorance. What he's
referring to is getting a script (usually javascript) through the filters
and executing on the 'anonymous' person's machine. If a site can do that
they can save cookies to the machine, thereby breaking the anonymity.

It's not really cross site scripting, though the techniques used to get it
through are similar. Right now 'cross site scripting' seems to be the buzz
word attached to any security breach involving scripts. Something we have to
live with I guess. Anyway, whatever it's called SkyLined seems to be the
l33test at it ;)

- Blazde


